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1 Sup portin g structured credentials and sensitive policies throu g h interoperable 
^ strate g ies for automated trust negotiation 
^ Ting Yu, Marianne Winslett, Kent E. Seamons 

February 2003 ACM Transactions on Information and System Security (TISSEC), volume 

6 Issue 1 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings, index 
terms , review 

Business and military partners, companies and their customers, and other closely 
cooperating parties may have a compelling need to conduct sensitive interactions on line, 
such as accessing each other's local services and other local resources. Automated trust 
negotiation is an approach to establishing trust between parties so that such interactions 
can take place, through the use of access control policies that specify what combinations 
of digital credentials a stranger must disclose to gain acc ... 

Keywords: Automated trust negotiation, access control, digital credentials, interoperable 
strategies 



Full text available: pdf( 507.29 KB) 



2 D ynamic Access Control: An access control model for dynamic client-side content 
^ Adam Hess, Kent E. Seamons 

v June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies SACMAT '03 

Publisher: ACM Press 

Full text available: *g| pdf(608.50 KB) Additional Information: full citation , abstract , references , index terms 

The focus of access control in client/server environments is on protecting sensitive server 
resources by determining whether or not a client is authorized to access those resources. 
The set of resources are usually static, and an access control policy associated with each 
resource specifies who is authorized to access the resource. In this paper, we turn the 
traditional client/server access control model on its head, and address how to protect the 
sensitive content that clients disclose to serve ... 

Keywords: access control, authentication, credentials, trust negotiation 
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August 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 

Issue 3 
Publisher: ACM Press 

Full text available* fflpdffBI 5.36 KB) Additional Information: full citation , abstract, references , citings, index 
' ^ terms 

The focus of access control in client/server environments is on protecting sensitive server 
resources by determining whether or not a client is authorized to access those resources. 
The set of resources is usually static, and an access control policy associated with each 
resource specifies who is authorized to access the resource. In this article, we turn the 
traditional client/server access control model on its head and address how to protect the 
sensitive content that clients disclose to and r ... 

Keywords: Trust negotiation, access control, authentication, credentials 



4 Constructin g fair-exchang e protocols for E-commerce via distributed computation of 
^ RSA si g natures 

^ Jung Min Park, Edwin K. P. Chong, Howard Jay Siegel 

July 2003 Proceedings of the twenty-second annual symposium on Principles of 
distributed computing PODC '03 

Publisher: ACM Press 

Full text available- « pdf(1.03MB) Additional Information: full citation , abstract, references , citings, index 
" terms , review 

Applications such as e-commerce payment protocols, electronic contract signing, and 
certified e-mail delivery require that fair exchange be assured. A fair-exchange protocol 
allows two parties to exchange items in a fair way so that either each party gets the 
other's item, or neither party does. We describe a novel method of constructing very 
efficient fair-exchange protocols by distributing the computation of RSA signatures. 
Specifically, we employ multisignatures based on the RSA-signature sch ... 

Keywords: Fair-exchange protocols, RSA signatures, e-commerce, multisignatures, zero- 
knowledge proofs 



5 Secure Data Publishing and Certificate Management: Interoperable strategies in 
automated trust ne g otiation 

^ Ting Yu, Marianne Winslett, Kent E. Seamons 

November 2001 Proceedings of the 8th ACM conference on Computer and 

Communications Security CCS '01 
Publisher: ACM Press 

Full text available- « odf(200.92 KB ) Additional lnformation: Mutation, abstract, references , citings, index 
^ terms 

Automated trust negotiation is an approach to establishing trust between strangers 
through the exchange of digital credentials and the use of access control policies that 
specify what combinations of credentials a stranger must disclose in order to gain access 
to each local service or credential. We introduce the concept of a trust negotiation 
protocol, which defines the ordering of messages and the type of information messages 
will contain. To carry out trust negotiation, a party pairs i ... 

6 Separate handles from names on the internet 
Michael J. O'Donnell 

December 2005 Communications of the ACM, volume 48 issue 12 
Publisher: ACM Press 

Full text available: ^g).pdf(83.49 KB) Additional Information: full citation , abstract , references , index terms 
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The human meaning of domain names attracts conflict over their control, degrading their 
reliability as permanent handles. Solution: support handles separately from names. 

7 Grid Security Framework for Mana gin g the Certificate Q 
Nilar Thein, Thinn Thu Naing 

December 2006 Proceedings of the 2006 IEEE/WIC/ACM International Conference on 
Web Intelligence WI '06 

Publisher: IEEE Computer Society 

Full text available: ^g?j pdf(1 89.03 KB) Additional Information: full citation , abstract 

The certificate is a central concept in Grid Security Infrastructure authentication. The 
certificate guarantees the authenticity of the data, thus effectively authenticating the 
sender. In this paper, we propose a secure certificate authentication framework using 
Counting Process to interact trusty for Grid users .We intend to apply this approach in 
secured performance on Grids as well as in grid application for authenticating users, 
protecting attacks, and recovering failed systems. The main id ... 

Keywords: Counting Process, RSA public key, Certificate, Authentication method and 
Authorization method 



8 IT workforce p re paration: Industry certification and academic degrees: 
<^ complementary, or poles apart? 
^ Leo Hitchcock 

April 2007 Proceedings of the 2007 ACM SIGMIS CPR conference on 2007 computer 
personnel doctoral consortium and research conference: The global 
information technology workforce SIGMIS-CPR '07 

Publisher: ACM Press 

Full text available: ^g |pdf(21 7.38 KB) Additional Information: full citation , abstract , references , index terms 

University ICT degrees give students a well-rounded, broad base with which to move into 
industry. Graduates may however find that without specific product skills many employers 
may be reluctant to hire them [9]. One method of credentialing for specific products that 
has become predominant, described as a "parallel universe" [1], and that many advocate 
as being complementary to and may integrate with academic degrees, is industry-based 
certification. Some however, see industry certifica ... 

Keywords: IS research, IT job market, academic curricula, industry certification, 
industry-based education 



9 Authentication: An approach to certificate path discovery in mobile Ad Hoc networks Q 
^ He Huang, Shyhtsun Felix Wu 

October 2003 Proceedings of the 1st ACM workshop on Security of ad hoc and sensor 

networks SASN '03 
Publisher: ACM Press 

i- ii* ,* i ui a j/M.cno i/m Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdfd 46.93 KB) 3 

^ terms 

Public key certificates prove validity and authenticity of their ownership and possibly other 
properties. Certificate path discovery is the critical process for public key verification in 
hierarchical public key infrastructure (PKI) diagrams. This process is conventionally done 
in centralized public key management system such as central CA or directory. However, in 
an infrastructure-less environment, such as a mobile ad hoc network, no such central 
service is present due to network dynamics. Tha ... 
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Keywords: MANET, certificate path discovery, public key infrastructure, security 



10 Use of nested certificates for efficient, dynamic, and trust preserving public key 
infrastructure 

Albert Levi, M. Ufuk Caglayan, Cetin K. Koc 

February 2004 ACM Transactions on Information and System Security (TISSEC), volume 

7 Issue 1 
Publisher: ACM Press 

i- in ,* i u. a jMoofiii i/d\ Additional Information: full citation , abstract , references , index terms . 

Full text available: to pdf(532.64 KB) — 

^ review 

Certification is a common mechanism for authentic public key distribution. In order to 
obtain a public key, verifiers need to extract a certificate path from a network of 
certificates, which is called public key infrastructure (PKI), and verify the certificates on 
this path recursively. This is classical methodology. Nested certification is a novel 
methodology for efficient certificate path verification. Basic idea is to issue special 
certificates (called nested certificates) for other certifica ... 

Keywords: Digital certificates, key management, nested certificates, public key 
infrastructure 



11 XML security: Certificate validation service usin g XKMS for computational grid | 
Namje Park, Kiyoung Moon, Sungwon Sohn 

October 2003 Proceedings of the 2003 ACM workshop on XML security XMLSEC '03 
Publisher: ACM Press 

Full text available: ^g| pdf(7.01 MB) Additional Information: full citation , abstract , references , index terms 

A computational grid is a hardware and software infrastructure capable of providing 
dependable, consistent, pervasive, and inexpensive access to high-end computational 
resource. There are many ways to access the resources of a computational grid, each with 
unique security requirements and implications for both the resource user and the resource 
provider. Current Grid security Infrastructure using PKI based on SSO. But open grid 
service Security Infrastructure in Global Grid Forum(GGF) will exten ... 

Keywords: GSI, XKMS, XML, XML security, certificate validation, grid, key management, 
security 



12 Using certes to infer client response time at the web server 
David Olshefski, Jason Nieh, Dakshi Agrawal 

February 2004 ACM Transactions on Computer Systems (TOCS), volume 22 issue 1 
Publisher: ACM Press 

i- ^ 1 ui 0i ^/n onuD\ Additional Information: full citation , abstract , references , citings , index 
Full text available: TCP pdnz.oU n\d) 

m terms 

As businesses continue to grow their World Wide Web presence, it is becoming 
increasingly vital for them to have quantitative measures of the mean client perceived 
response times of their web services. We present Certes (CliEnt Response Time Estimated 
by the Server), an online server-based mechanism that allows web servers to estimate 
mean client perceived response time, as if measured at the client. Certes is based on a 
model of TCP that quantifies the effect that connection drops have on mean ... 

Keywords: Web server, client perceived response time 
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13 Educator's symposiums: Preparin g undergraduate students for Java certification Q 
A. Ariel Ortiz 

V October 2003 Companion of the 18th annual ACM SIGPLAN conference on Object- 
oriented programming, systems, languages, and applications OOPSLA 
'03 

Publisher: ACM Press 

Full text available: ^ pdf(275,82 KB) Additional Information: full citation , abstract , references , index terms 

Java certification promises to make our students more marketable once they graduate. 
The truth is that certifications in general offer significant advantages, but it is important 
not to overestimate their benefits. In this paper, we describe our experiences on teaching 
a workshop aimed at preparing undergraduate students for the Sun Certified Java 
Programmer exam. But first, we layout the real value of IT certifications and explain the 
different certification options available for Java technolog ... 

Keywords: Java, SCJP, certification 



14 Certificate-based authorization policy in a PKI environment 
Mary R. Thompson, Abdelilah Essiari, Srilekha Mudumbai 

November 2003 ACM Transactions on Information and System Security (TISSEC), 

Volume 6 Issue 4 
Publisher: ACM Press 

Full text available* Ddf(233 63 KB) Addit ' onal Information: full citation , abstract , references , citings , index 
' ! terms 

The major emphasis of public key infrastructure has been to provide a cryptographically 
secure means of authenticating identities. However, procedures for authorizing the 
holders of these identities to perform specific actions still need additional research and 
development. While there are a number of proposed standards for authorization 
structures and protocols such as KeyNote, SPKI, and SAML based on X.509 or other key- 
based identities, none have been widely adopted. As part of an effort to us ... 

Keywords: Public key infrastructure, XML, digital certificates 



15 Larg e systems: Small worlds in security systems: an analysis of the PGP certificate Q 

^ Srdjan Capkun, Levente Buttyan, Jean-Pierre Hubaux 

September 2002 Proceedings of the 2002 workshop on New security paradigms NSPW 
'02 

Publisher: ACM Press 

Full text available* fi?|pdf (617 70 KB) Additional Information: full citation , abstract , references , citing s, index 

terms 

We propose a new approach to securing self-organized mobile ad hoc networks. In this 
approach, security is achieved in a fully self-organized manner; by this we mean that the 
security system does not require any kind of certification authority or centralized server, 
even for the initialization phase. In our work, we were inspired by PGP [15] because its 
operation relies solely on the acquaintances between users. We show that the small-world 
phenomenon naturally emerges in the PGP system a ... 

Keywords: PGP, public-key management, self-organization, small-world graphs 



16 Integrating third part y-certification with traditional computer education 
Michael L. Nelson, David Rice 
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December 2001 Journal of Computing Sciences in Colleges, volume 17 issue 2 
Publisher: Consortium for Computing Sciences in Colleges 

Full text available: ^| pdf(34.62 KB ) Additional Information: full citation , abstract , references , index terms 

Third-party, or independent certification has been receiving a lot of 'press' lately. 
Employers are looking for it, training agencies are pushing it, many educational 
institutions are looking at integrating it into their programs, and students are trying to 
figure out just how important it is and how to obtain it. This paper briefly considers the 
importance of third-party certification, and then looks at, how it has been integrated into 
the Computer Information Technology curriculum at Internatio ... 

17 Certifications - beat 'EM. join 'EM (or lose 'EM )? 
John Mason 

June 2003 Journal of Computing Sciences in Colleges, volume 18 issue 6 
Publisher: Consortium for Computing Sciences in Colleges 

Full text available: ^pdf (54.00 KB) Additional Information: full citation , references , citing s, index terms 



18 COCA: A secure distributed online certification authorit y 
Lidong Zhou, Fred B. Schneider, Robbert Van Renesse 

November 2002 ACM Transactions on Computer Systems (TOCS), volume 20 issue 4 
Publisher: ACM Press 

F II text available* f£\ odf(448 28 KB) Additional Information: full citation , abstract , references , citing s, index 
u vi -T^-fL-l : / terms 

COCA is a fault-tolerant and secure online certification authority that has been built and 
deployed both in a local area network and in the Internet. Extremely weak assumptions 
characterize environments in which COCA's protocols execute correctly: no assumption is 
made about execution speed and message delivery delays; channels are expected to 
exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or 
compromised. COCA is the first system to integr ... 

Keywords: Byzantine quorum systems, Certification authority, denial of service, 
proactive secret-sharing, public key infrastructure, threshold cryptography 



19 A methodolo g y for certification of modeling and simulation applications 
Osman Balci 

October 2001 ACM Transactions on Modeling and Computer Simulation (TOMACS), 

Volume 11 Issue 4 
Publisher: ACM Press 

Full text available- IB pdf(2 44 MB) Additional Information: full citation, abstract, references, citings, index 
' ^ terms 

Certification of modeling and simulation (M&S) applications poses significant technical 
challenges for M&S program managers, engineers, and practitioners. Certification is 
becoming increasingly more important as M&S applications are used more and more for 
military training, complex system design evaluation, M&S-based acquisition, problem 
solving, and critical decision making. Certification, a very complex process, involves the 
measurement and evaluation of hundreds of qualitative and quantitativ ... 

Keywords: accreditation, certification, credibility assessment, evaluation, quality 
assessment, validation, verification 
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William M. Thomas, Deborah A. Cerino 

November 1995 Proceedings of the conference on TRI-Ada '95: Ada's role in global 
markets: solutions for a changing complex world TRI-Ada '95 

Publisher: ACM Press 

Full text available: *gj pdf(1 .35 MB) Additional Information: full citation , references 
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1 Enhancement of digital si g nature with message recovery using self-certified public 

ke ys and its variants 
^ Yi-Hwa Chen, Jinn-Ke Jan . 

July 2005 ACM SIGOPS Operating Systems Review, volume 39 issue 3 

Publisher: ACM Press 

Full text available: pdf( 2.51 MB ) Additional Information: full citation , abstract , references , index terms 

In 2003, Tseng et al. proposed a self-certified public key signature with message 
recovery, which gives two advantages: one is that the signer's public key can 
simultaneously be authenticated in verifying the signature and the other one is that only 
the specified verifier can recover the message. Lately, Xie and YU proposed an attack to 
the Tseng et al.'s scheme under the cases: the specified verifier substitutes his secret key 
or two or more specified verifiers cooperatively forge the signer's ... 



Keywords: authenticated encryption, forward secrecy, self-certified public key 



2 At the for g e: ebay web services 
Reuven M. Lerner 

August 2006 Linux Journal, volume 2006 issue 148 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: g[ htrnin.40 MB) Additional Information: full citation , abstract , index terms 



3 A survey on peer-to-peer key management for mobile ad hoc networks 
Johann Van Der Merwe, Dawoud Dawoud, Stephen McDonald 
April 2007 ACM Computing Surveys (CSUR), volume 39 issue 1 
Publisher: ACM Press 

Full text available: ^ pdf(872.71 KB ) Additional Information: full citation , abstract , references , index terms 

The article reviews the most popular peer-to-peer key management protocols for mobile 
ad hoc networks (MAIMETs). The protocols are subdivided into groups based on their 
design strategy or main characteristic. The article discusses and provides comments on 
the strategy of each group separately. The discussions give insight into open research 
problems in the area of pairwise key management. 
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Keywords: Mobile ad hoc networks, pairwise key management, peer-to-peer key 
management, security 



On the fly signatures based on factoring 
Guillaume Poupard, Jacques Stern 

November 1999 Proceedings of the 6th ACM conference on Computer and 

communications security CCS '99 
Publisher: ACM Press 

Full text available: « pdf( 786.71 KB) Additional ,nformation: citation , SbmA references , citings, index 
^ terms 

In response to the current need for fast, secure and cheap public-key cryptography 
largely induced by the fast development of electronic commerce, we propose a new on 
the fly signature scheme, i.e. a scheme that requires very small on-line work for the 
signer It combines provable security based on the factorization problem, short public and 
secret keys, short transmission and minimal on-line computation. It is the first RSA-like 
signature scheme that can be used for both ef ... 

Puttin g the U.S. standardization system into p ers pective: new insights 

Bob Toth 

December 1996 Standard View, volume 4 issue 4 
Publisher: ACM Press 

Full text available: ^] pdf(1 72.91 KB) Additional Information: full citation , abstract , references , index terms 

The odds are very high that an American attending an international standardization 
meeting or consulting in a foreign country will be asked about the U.S. standardization 
system. How is it organized? Who is responsible for developing standards? How many 
standards? Who sees to their implementation? What is the government's role? Why is 
there more than one standard for many commodities? Foreign engineers who are used to 
dealing with their national standards institute can be very critical of t ... 

6 Measurement-based standards for future information technology systems 
Shukri A. Wakid, Shirley M. Radack 
March 1997 StandardView, volume 5 issue l 

Publisher: ACM Press 

Full text available: |g| pdf(73.69 KB ) Additional Information: full citation , references , index terms , review 



Secrecy by typing in security protocols 
Martin Abadi 

September 1999 Journal of the ACM (JACM), volume 46 issue 5 
Publisher: ACM Press 

Full text available: « pdf(265.35 KB) Additional lnformation: MLdtatign, abstract, references , citings, index 

terms, review 

We develop principles and rules for achieving secrecy properties in security protocols. Our 
approach is based on traditional classification techniques, and extends those techniques 
to handle concurrent processes that use shared-key cryptography. The rules have the 
form of typing rules for a basic concurrent language with cryptographic primitives, the spi 
calculus. They guarantee that, if a protocol typechecks, then it does not leak its secret 
inputs. 

Keywords: cryptographic protocols, process calculi, secrecy properties 
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8 A wide-area Distribution Network for free software Q 
^ Arno Bakker, Maarten Van Steen, Andrew S. Tanenbaum 

v 7 August 2006 ACM Transactions on Internet Technology (TOIT), volume 6 issue 3 
Publisher: ACM Press 

Full text available: ^pdf( 215.08 KB ) Additional Information: full citation , abstract , references , index terms 

The Globe Distribution Network (GDN) is an application for the efficient, worldwide 
distribution of freely redistributable software packages. Distribution Is made efficient by 
encapsulating the software into special distributed objects which efficiently replicate 
themselves near to the downloading clients. The Globe Distribution Network takes a 
novel, optimistic approach to stop the illegal distribution of copyrighted and illicit material 
via the network. Instead of having moderators check the p ... 

Keywords: Distributed objects, copyright, file sharing, middleware, software distribution, 
traceable content, wide-area networks 



On the security of some proxy blind signature schemes 
Hung-Min Sun, Bin-Tsan Hsieh 

January 2004 Proceedings of the second workshop on Australasian information 
security, Data Mining and Web Intelligence, and Software 
Internationalisation - Volume 32 ACSW Frontiers '04 

Publisher: Australian Computer Society, Inc. 

Full text available* IS pdf (171.20 KB) Additional Information: full citation , abstract , references , citings, index 

terms 

A proxy blind signature scheme is a digital signature scheme which combines the 
properties of proxy signature and blind signature schemes. Recently, Tan et al. proposed 
two proxy blind signature schemes based on DLP and ECDLP respectively. Later, 
compared with Tan et al.'s scheme, Lai and Awasthi further proposed a more efficient 
proxy blind signature scheme. In this paper, we show that Tan et al.'s schemes do not 
satisfy the unforgeability and unlinkability properties. Moreover, we also point 0 ... 

Keywords: crypt-analysis, cryptography, elliptic curve, proxy signature 



10 Teaching secure communication protocols using a game representation 
Leonard G. C. Harney 

January 2003 Proceedings of the fifth Australasian conference on Computing 
education - Volume 20 ACE '03 

Publisher: Australian Computer Society, Inc. 

Full text available:^ pdf(252. 19 KB) Additional Information: full citation , abstract , references , index terms 

The Security Protocol Game is a highly visual and interactive game for teaching secure 
data communication protocols. Students use the game to simulate protocols and explore 
possible attacks against them. The power of the game lies in the representation of secret 
and public key cryptography. Specifically, the game provides representations for plain text 
and encrypted messages, message digests, digital signatures and cryptographic keys. 
Using these representations, students can construct public ke ... 

Keywords: PGP, blind signature, computer network, cryptography, digital signature, key 
exchange, man-in-the-middle attack, protocols, replay attack, secure communication 
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11 Pro g rammin g lan guag es for mobile code 
Tommy Thorn 
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September 1997 ACM Computing Surveys (CSUR), volume 29 issue 3 
Publisher: ACM Press 

Full text available* "H pdf (393.65 KB) Additional Information: full citation , abstract , references , citing s, index 
^ terms , review 

Sun's announcement of the programming language Java more that anything popularized 
the notion of mobile code, that is, programs traveling on a heterogeneous network and 
automatically executing upon arrival at the destination. We describe several classes of 
mobile code and extract their common characteristics, where security proves to be one of 
the major concerns. With these characteristics as reference points, we examine six 
representative languages proposed for mobile code. The conclusion ... 

Keywords: Java, Limbo, Objective Caml, Obliq, Safe-Tel, distribution, formal methods, 
mobile code, network programming, object orientation, portability, safety, security, 
telescript 



12 CHI 96 : a preview Q 
Peter Stevens 

January 1996 ACM SIGCHI Bulletin, Volume 28 issue l 
Publisher: ACM Press 

Full text available: ^| pdf(1.58 MB) Additional Information: full citation , index terms 




13 Unionization of professionals in data processing: an assessment of recent trends Q 
Theodor D. Sterling 

November 1982 Communications of the ACM, volume 25 issue 11 
Publisher: ACM Press 

Full text available: *g|pdf( 1.03 MB) Additional Information: full citation , abstract , references , index terms 

The needs of management, unions, employees, and computer professionals combined 
with existing practices of Labor Relations Boards and the various divisions in the 
Departments of Labor have combined to create a unique array of social conflicts. At the 
root are management's interest in keeping many skills in data processing and computing 
out of bargaining units and the union's interest in including as many of these skills as 
possible. There is also conflict between past strategies guiding lab ... 

Keywords: bargaining units, labor relations, software engineering, unionization of 
computer professionals 



14 Security II: Ne g lect of information privacy instruction: a case of educational 
mal practice? 

Victoria W. Romney, Gordon W. Romney 

October 2004 Proceedings of the 5th conference on Information technology education 
CITC5 '04 

Publisher: ACM Press 

Full text available: ^| pdf(1 28.22 KB) Additional Information: full citation , abstract , references , index terms 

Not only should InformationTechnology (IT) Educators be knowledgeable regarding data 
privacy legislation but they should be teaching correct system and database design 
principles to IT students in order to ensure future application design compliance with 
international legislative trends. Perhaps the most contentious and serious issue facing IT 
practitioners in the world today is data privacy. Data Privacy impacts every aspect of IT 
from database and application design to privacy and use polic ... 





http://portal.wm.or^ 8/10/07 



Results (page 1): +key, +"self certificate" application 



Page 5 of 6 



Keywords: European union directive, Gramm-Leach-Bliley, HIPAA, IT education, data 
privacy, database design, legal issues, legislation 



15 Editorial zone: How to lease the internet in your spare time Q 
Nick Feamster, Lixin Gao, Jennifer Rexford 

January 2007 ACM SIGCOMM Computer Communication Review, volume 37 issue l 
Publisher: ACM Press 

Full text available: ^|pdf (77.88 KB) Additional Information: full citation , abstract , references , index terms 

Today's Internet Service Providers (ISPs) serve two roles: managing their network 
infrastructure and providing (arguably limited) services to end users. We argue that 
coupling these roles impedes the deployment of new protocols and architectures, and that 
the future Internet should support two separate entities: infrastructure providers (who 
manage the physical infrastructure) and service providers (who deploy network protocols 
and offer end-to-end services). We present a high-level design for C ... 

16 Cry ptology I: An efficient digital signature using self-certified public key s Q 
Yuan Zhou, Zhenfu Cao, Rongxing Lu 

November 2004 Proceedings of the 3rd international conference on Information 
security InfoSecu '04 

Publisher: ACM Press 

Full text available: ^| pdf(318.70 KB ) Additional Information: full citation , abstract , references , index terms 

In this paper, we first analyse the notion of self-certified public keys, which was first 
introduced by Girault [5], and then we extend it. After that, we will adopt the extended 
concept to propose a new signature scheme. The proposed scheme has a property that 
the signer's public key can simultaneously be authenticated in verifying the signature. 
Compared to earlier self-certified signature schemes, our scheme is more efficient and 
provable secure. 
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terms 

Peer-to-peer (P2P) networks use the fundamental assumption that the nodes in the 
network will cooperate and will not cheat. In the absence of any common goals shared by 
the nodes of a peer-to-peer network, external motivation to cooperate and be trustworthy 
is mandated. Digital Reputations can be used to inject trust among the nodes of a 
network; This paper presents PRIDE, a reputation system for decentralized peer-to-peer 
networks. PRIDE uses self-certification a scheme for identification of pe ... 
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communications security ASIACCS '07 
Publisher: ACM Press 

Full text available: ^| pdf (444.72 KB) Additional Information: full citation , abstract , references 

Certificateless Public Key Cryptography (CL-PKC) enjoys a number of features of Identity- 
Based Cryptography (IBC) while without having the problem of key escrow. However, it 
does suffer from an attack where the adversary, Carol, replaces Alice's public key by 
someone's public key so that Bob, who wants to send. an encrypted message to Alice, 
uses Alice's identity and other's public key as the inputs to the encryption function. As a 
result, Alice cannot decrypt the message while Bob is u ... 



Keywords: certificateless encryption, certificateless signature 
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Full text available: g pdf( 470.52 KB) Additional Information: full citation , abstract , references 

A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a 
public-key infrastructure with the ability to recover private keys given some trap-door 
information. We present an additively homomorphic variant of an existing SE-PKI for 
EIGamal encryption. We also propose a new efficient SE-PKI based on the EIGamal and 
Okamoto-Uchiyama cryptosystems that is more efficient than the previous SE-PKI. This is 
the first SE-PKI that does not suffer from a key doubling proble ... 

Keywords: key recovery, public-key infrastructures, self-escrowed encryption 
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In this paper, we first, analyse the notion of self-certified public keys, which was first 
introduced by Girault [5], and then we extend it. After that, we will adopt the extended 
concept to propose a new signature scheme. The proposed scheme has a property that 
the signer's public key can simultaneously be authenticated in verifying the signature. 
Compared to earlier self-certified signature schemes, our scheme is more efficient and 
provable secure. 

Keywords: RSA, factoring, self-certified cryptosystem, signature 
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In 2003, Tseng et al. proposed a self-certified public key signature with message 
recovery/ which gives two advantages: one is that the signer's public key can 
simultaneously be authenticated in verifying the signature and the other one is that only 
the specified verifier can recover the message. Lately, Xie and YU proposed an attack to 
the Tseng et al.'s scheme under the cases: the specified verifier substitutes his secret key 
or two or more specified verifiers cooperatively forge the signer's ... 

Keywords: authenticated encryption, forward secrecy, self-certified public key 
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Publisher: ACM Press 

Full text available: ^ pdf(872. 71 KB ) Additional Information: full citation , abstract , references , index terms 

The article reviews the most popular peer-to-peer key management protocols for mobile 
ad hoc networks (MANETs). The protocols are subdivided into groups based on their 
design strategy or main characteristic. The article discusses and provides comments on 
the strategy of each group separately. The discussions give insight into open research 
problems in the area of pairwise key management. 
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We propose a new approach to securing self-organized mobile ad hoc networks. In this 
approach, security is achieved in a fully self-organized manner; by this we mean that the 
security system does not require any kind of certification authority or centralized server, 
even for the initialization phase. In our work, we were inspired by PGP [15] because its 
operation relies solely on the acquaintances between users. We show that the small-world 
phenomenon naturally emerges in the PGP system a ... 

Keywords: PGP, public-key management, self-organization, small-world graphs 
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No secure network file system has ever grown to span the Internet. Existing systems all 
lack adequate key management for security at a global scale. Given the diversity of the 
Internet, any particular mechanism a file system employs to manage keys will fail to 
support many types of use. We propose separating key management from file system 
security, letting the world share a single global file system no matter how individuals 
manage keys. We present SFS, a secure file system that avoids internal ... 
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This paper presents the description and analysis of a protocol, which uses hybrid crypto 
algorithms for key distribution. A triple DES with a 168-bit key is used to generate the 
secret key. This secret key is transferred with the help of public key cryptography. The 
authentication process is accomplished by using the message digest algorithm MD5. This 
protocol uses mutual authentication in which, both participants have to authenticate 
themselves via a third trusted certificate authority (CA). Th ... 
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^ He Huang, Shyhtsun Felix Wu 

V October 2003 Proceedings of the 1st ACM workshop on Security of ad hoc and sensor 
networks SASN '03 

Publisher: ACM Press 
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Public key certificates prove validity and authenticity of their ownership and possibly other 
properties. Certificate path discovery is the critical process for public key verification in 
hierarchical public key infrastructure (PKI) diagrams. This process is conventionally done 
in centralized public key management system such as central CA or directory. However, in 
an infrastructure-less environment, such as a mobile ad hoc network, no such central 
service is present due to network dynamics. Tha ... 
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In this paper, we argue that person-to-person key distribution is best accomplished with a 
key-centric approach, instead of PKI: users should distribute public key fingerprints in the 
same way they distribute phone numbers, postal addresses, and the like. To make this 
work, fingerprints need to be small, so users can handle them easily; multipurpose, so 
only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have 
to be frequently redistribute ... 

Keywords: cryptolDs, fingerprints, key distribution, key management, public key 
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Existing Web browsers handle security errors in a manner that often confuses users. In 
particular, when a user visits a secure site whose certificate the browser cannot verify, 
the browser typically allows the user to view and install the certificate and connect to the 
site despite the verification failure. However, few users understand the risk of man-in-the- 
middle attacks and the principles behind certificate-based authentication. We propose 
context-sensitive certificate verification (CSCV), w ... 

Keywords: HTTPS, SSL, Web browser, certificate, eavesdropping attack, just-in-time 
instruction, man-in-the-middle attack, password, safe staging, well-in-advance instruction 
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The Globe Distribution Network (GDN) is an application for the efficient, worldwide 
distribution of freely redistributable software packages. Distribution is made efficient by 
encapsulating the software into special distributed objects which efficiently replicate 
themselves near to the downloading clients. The Globe Distribution Network takes a 
novel, optimistic approach to stop the illegal distribution of copyrighted and illicit material 
via the network. Instead of having moderators check the p ... 

Keywords: Distributed objects, copyright, file sharing, middleware, software distribution, 
traceable content, wide-area networks 
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Security is paramount to the success of pervasive computing environments. The system 
presented in this paper provides a communications and security infrastructure that goes 
far in advancing the goal of anywhere-anytime computing. Our work securely enables 
clients to access and utilize services in heterogeneous networks. We provide a service 
registration and discovery mechanism implemented through a hierarchy of service 
management. The system is built upon a simplified Public Key Infrastructure t ... 

Keywords: distributed services, extensible markup language, pervasive computing, 
security, smartcards 
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In this paper, we consider efficient authenticated key establishment protocols between a 
sensor and a security manager in a self-organizing sensor network. We propose a hybrid 
authenticated key establishment scheme, which exploits the difference in capabilities 
between security managers and sensors, and put the cryptographic burden where the 
resources are less constrained. The hybrid scheme reduces the high cost public-key 
operations at the sensor side and replaces them with efficient symmetric- ... 
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In the Differentiated Services (DiffServ) architecture, each domain has a Bandwidth 
Broker to provide the resources management, primarily bandwidth reservation. In a 
multi-domain environment, Simple Inter-domain Bandwidth Broker Signaling (SIBBS) 
protocol is proposed for the inter-domain communication protocol proposed for bandwidth 
broker communication. Since the information exchanged between BBs are sensitive in 
sense of Service Level Agreement (SLA), the communications between the inter-domai ... 
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The authentication logic of Burrows, Abadi and Needham (BAN) provided an important 
step towards rigourous analysis of authentication protocols, and has motivated several 
subsequent refinements. We propose extensions to BAN-like logics which facilitate, for the 
first time, examination of public-key based authenticated key establishment protocols in 
which both parties contribute to the derived key (i.e. key agreement protocols). Attention 
is focussed on six distinct generic goals for authenti ... 
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